New technology frontiers and privacy draw experts to sold-out conference

As new technologies lead us to reconsider existing privacy concepts and boundaries, ICC hosted a unique conference to deliberate how existing data protection laws apply in a rapidly changing landscape.

A ‘conference within a conference’ the one-day event took place on the second day of the International Association of Privacy Professionals’ Europe Data Protection Congress in Paris on 29-30 November.

Featuring international experts from Yahoo, Google, Cisco and Oracle, as well as views from the Organisation for Economic Co-operation and Development (OECD), EU Data Protection Supervisor and the Spanish Data Protection Authority (DPA), the ICC conference sessions were opened by Christopher Kuner, Partner, Hunton & Williams, Brussels.

Mr Kuner, Chair of the ICC Task Force on Privacy and Protection of Personal Data, opened the sessions noting ICC’s long-standing record helping regulators and business develop and improve tools to streamline the process to ensure personal data is protected. Such tools include the most recently approved EU commission adopted standard contract clauses for transfers between data controllers and data processors.The sold-out conference brought together corporate privacy officers, legal counsel and regulators. ICC’s four sessions covered the following topics: The participative web; cloud computing – the Internet of things; convergence and global standards.

Rosa Barcelo of the EU Data Protection Supervisor’s office spoke of the proposed changes to the EU Data Protection Directive revisions. She discussed the participative web and explained how it presents challenges for data protection authorities on determining who bears the ‘data controller’ responsibility when users post personal information about others on a social network or other platform. In the same session, Justin Weiss of Yahoo and Peter Fleischer of Google explained how their companies were trying to enhance mechanisms for people to better understand the privacy implications of their web activities and to give them a clearer path to control what information they share and with whom they share it.

Discussing the topic of cloud computing and in particular the Internet of things, Isabelle Falque-Pierrotin, Commissioner in charge of Cloud Computing for the French data protection authority the CNIL, explained that their approach is to apply existing data protection principles pragmatically on a case by case approach rather than drafting any overly specific regulations for the cloud. Johns Hopkins University Fellow Elliot Maxwell and Cisco engineer Steinthor Bjarnason, described the technical complexity of the issue and reinforced the need for governments not to overstep with regulation that would snuff out innovation and cut off enormous potential for new services and benefits.

During the discussion on convergence with Daniel Pradelles of Hewlett-Packard, Joseph Alhadeff, Vice President Global Public Policy and Chief Privacy Strategist, Oracle Corporation and ICC E-business and IT Telecoms Commission Vice Chair, said: “It is important to properly combine law, policy and technology in order to properly understand and implement privacy within today’s global ecosystem of business – from privacy by design to emerging models of accountability”. Mr Pradelles highlighted the need for business enterprises to bear in mind that observing the right to privacy is not only about complying with the law but demonstrating ethics in day-to-day business activity. He spoke at length about the comprehensive corporate privacy programme HP has implemented.

Later in a panel on global standards with Michael Donahue of the OECD and Rafael Garcia from the Spanish data protection authority, Mr Alhadeff warned that imposing detailed, potentially conflicting, non-flexible technology or policy standards within jurisdictions or regions results in greater complexity for business while not necessarily providing greater or more effective protection for individuals. The OECD, whose principles were praised for their longevity and adaptability, is currently reviewing their principles to see if revisions or further guidance might be required. The Spanish DPA is leading an initiative to develop global privacy standards pursuant to resolutions adopted at the International Data protection Conferences in Madrid and Jerusalem that could at some point be made binding through an international instrument or body.

The ICC sessions of the conference were organized by ICC’s Task Force on Privacy and Protection of Personal Data.